2018-01-29 - THREE DAYS OF SEAMLESS CAMPAIGN RIG EK pUSHING GANDCRAB RANSOMWARE

ASSOCIATED FILES:

  • 2018-01-27-Seamless-Rig-EK-sends-GandCrab-ransomware.pcap   (339,191 bytes)
  • 2018-01-28-Seamless-Rig-EK-sends-GandCrab-ransomware.pcap   (267,865 bytes)
  • 2018-01-29-Seamless-Rig-EK-sends-GandCrab-ransomware.pcap   (317,434 bytes)
  • 2018-01-27-GDCB-DECRYPT.txt   (2,774 bytes)
  • 2018-01-27-Rig-EK-artifact-o32.tmp.txt   (1,141 bytes)
  • 2018-01-27-Rig-EK-flash-exploit.swf   (11,917 bytes)
  • 2018-01-27-Rig-EK-landing-page.txt   (97,376 bytes)
  • 2018-01-27-Seamless-campaign-Rig-EK-payload-GandCrab-ransomware.exe   (221,184 bytes)
  • 2018-01-28-GDCB-DECRYPT.txt   (2,774 bytes)
  • 2018-01-28-Rig-EK-artifact-u32.tmp.txt   (1,141 bytes)
  • 2018-01-28-Rig-EK-flash-exploit.swf   (11,909 bytes)
  • 2018-01-28-Rig-EK-landing-page.txt   (95,204 bytes)
  • 2018-01-28-Seamless-campaign-Rig-EK-payload-GandCrab-ransomware.exe   (148,992 bytes)
  • 2018-01-29-Rig-EK-artifact-u32.tmp.txt   (1,141 bytes)
  • 2018-01-29-Rig-EK-flash-exploit.swf   (11,909 bytes)
  • 2018-01-29-Rig-EK-landing-page.txt   (95,583 bytes)
  • 2018-01-29-Seamless-campaign-Rig-EK-payload-GandCrab-ransomware.exe   (235,520 bytes)

NOTES:

 

WEB TRAFFIC BLOCK LIST

The following block list is based on URLs and domains from the infection traffic.  See the traffic images for more details.

 

TRAFFIC


Shown above:  Seamless campaign Rig EK from 2018-01-27.

 


Shown above:  Seamless campaign Rig EK from 2018-01-28.

 


Shown above:  Seamless campaign Rig EK from 2018-01-29.

 

MALWARE

RIG EK FLASH EXPLOITS:

GANDCRAB RANSOMWARE:

GANDCRAB RANSOMWARE PERSISTENT ON AN INFECTED WINDOWS HOST ON 2018-01-29:

 

IMAGES


Shown above:  Encrypted files on an infected Windows host.

 


Shown above:  Gandcrab decryptor.

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.